WordPress plugin Memberlite Shortcodes 安全漏洞

WordPress Memberlite Shortcodes plugin is a plugin used to extend the functionality of the theme, mainly used to add additional features to the WordPress theme, such as content display controls, layout tools, etc., while allowing users to use specific features without completely replacing the...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the formtodatabase exten. An attacker can execute arbitrary scripts in the context of the user's browser by injecting malicious input. Details Cross-site scripting or XSS is a code vulnerability that occurs...

Unmark Marks.php file cross-site scripting vulnerability

Unmark is an open source to-do list application for bookmarking. Unmark 1.9.3 and earlier versions have a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameter Title in the file /application/controllers/Marks.php,...

Unmark 代码注入漏洞

Unmark is an open source to-do list application for bookmarking. A cross-site scripting vulnerability exists in Unmark 1.9.3 and earlier versions, which stems from the lack of effective filtering and escaping of user-supplied data in the parameter Title in the file application/views/marks/info.ph...

Unmark 代码注入漏洞

Unmark is an open source to-do list application for bookmarking. Unmark 1.9.3 and earlier versions have a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameter Title in the file /application/controllers/Marks.php,...

CVE-2025-9879

The Spotify Embed Creator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'spotify' shortcode in all versions up to, and including, 1.0.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2025-58762

Tautulli is a Python based monitoring and tracking tool for Plex Media Server. In Tautulli v2.15.3 and earlier, an attacker with administrative access can use the pmsimageproxy endpoint to write arbitrary python scripts into the application filesystem. This leads to remote code execution when...

CVE-2025-8316

The Certifica WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘evento’ parameter in all versions up to, and including, 3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and...

SAP Supplier Relationship Management Cross-Site Scripting Vulnerability (CNVD-2025-21206)

SAP Supplier Relationship Management SRM is a supplier relationship management solution from SAP. The product automates purchasing and acquisition processes within an organization and between suppliers, and provides functions such as invoicing. A cross-site scripting vulnerability exists in SAP...

Liferay Portal和Liferay DXP 跨站脚本漏洞

Liferay Portal and Liferay DXP are both products of Liferay, Inc.Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...

Cross-site Scripting (XSS)

Overview @webrecorder/wabac is a service worker based web archive replay Affected versions of this package are vulnerable to Cross-site Scripting XSS via the 404 error handling process. An attacker can execute arbitrary JavaScript in the victim's browser by crafting a malicious URL that injects...

CVE-2025-48208

Improper Neutralization of Special Elements used in an LDAP Query 'LDAP Injection' vulnerability in Apache HertzBeat . The attacker needs to have an authenticated account with access, and the attack can only be triggered by crafting custom commands. A successful attack would result in arbitrary...

CVE-2025-9061

The Wilmer Core plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 2.4.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-leve...

SAP Supplier Relationship Management 跨站脚本漏洞

SAP Supplier Relationship Management SRM is a supplier relationship management solution from SAP. The product automates purchasing and acquisition processes within an organization and between suppliers, and provides functions such as invoicing. A cross-site scripting vulnerability exists in SAP...

POS Point of Sale System /2512.php File Cross-Site Scripting Vulnerability

POS Point of Sale System is a pos point of sale system. POS Point of Sale System suffers from a cross-site scripting vulnerability that originates from the lack of effective filtering and escaping of user-supplied data in the scripts parameter of the...

CVE-2025-53838 LinkAce has a Stored One Click XSS vulnerability

LinkAce is a self-hosted archive to collect website links. A stored cross-site scripting XSS vulnerability was discovered in versions prior to 2.1.9 that allows an attacker to inject arbitrary JavaScript, which is then executed in the context of a user's browser when the malicious link is clicked...

WordPress plugin Admin Menu Editor 跨站脚本漏洞

WordPress Admin Menu Editor plugin is a plugin for customizing and managing backend menus, supporting reordering, hiding/showing menu items, modifying permissions and more. WordPress Admin Menu Editor plugin suffers from a cross-site scripting vulnerability that stems from insufficient input...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the dataAddonlayouts and dataAddonlayoutsexcept parameters in the /apprain/developer/addons/update/hysontable process. An attacker can execute arbitrary JavaScript code in the context of a user's browser by...

WordPress plugin Ocean Extra 跨站脚本漏洞

WordPress Ocean Extra plugin is a free plugin for the WordPress platform, designed for the OceanWP theme, aiming to enhance the website building experience by adding extra functionality and flexibility. A cross-site scripting vulnerability exists in the WordPress Ocean Extra plugin, which stems...

CVE-2025-20342 Cisco Integrated Management Controller Virtual Keyboard Video Monitor (vKVM) Stored Cross-Site Scripting Vulnerability

A vulnerability in the Virtual Keyboard Video Monitor vKVM connection handling of Cisco Integrated Management Controller IMC could allow an authenticated, remote attacker with low privileges to conduct a stored cross-site scripting XSS attack against a user of the interface. This vulnerability is...